Skip to main content

Triton Inference Server CVE-2026-24208

| EUVDEUVD-2026-31052 MEDIUM
Path Traversal (CWE-22)
2026-05-20 nvidia GHSA-q9w5-fmq7-c9x3
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
May 20, 2026 - 04:04 vuln.today

DescriptionCVE.org

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.

AnalysisAI

Path traversal exploitation in NVIDIA Triton Inference Server enables unauthenticated remote attackers to cause denial of service by submitting crafted requests containing malicious path components. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms zero authentication or user interaction is required, making this broadly reachable from the network with low attack complexity. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis; however, the no-prerequisite attack profile warrants patching per NVIDIA's advisory at nvidia.custhelp.com.

Technical ContextAI

NVIDIA Triton Inference Server is an open-source, production-grade ML inference serving platform designed to deploy and serve AI models at scale, commonly exposed via HTTP/gRPC endpoints in cloud and on-premises ML infrastructure. The root cause is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - Path Traversal), a class of vulnerability where user-supplied input is incorporated into filesystem path construction without adequate canonicalization or boundary enforcement. In Triton's case, the traversal does not result in file disclosure (C:N, I:N in CVSS) but instead triggers a condition - such as an unhandled exception, resource exhaustion, or invalid path dereference - that degrades or terminates the inference service. The CPE string cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:* uses a wildcard version field, indicating NVD has not bounded the affected range to specific releases, implying broad version exposure.

RemediationAI

Consult and apply the guidance in the NVIDIA security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5828, which is the authoritative source for fixed versions and official mitigations. No specific patched release version was present in the available intelligence, so exact upgrade targets should be confirmed directly from that advisory before deployment. As a compensating control pending patch application, restrict network access to Triton Inference Server API endpoints (default HTTP port 8000, gRPC port 8001) to trusted internal hosts or authenticated proxies only - this directly limits the attack surface given the AV:N/PR:N vector. Note that network-layer restrictions may not be feasible in public-facing inference deployments and do not address the root cause. Input validation at an API gateway or reverse proxy to reject requests containing path traversal sequences ('../', '%2e%2e%2f') is an additional layer but carries risk of false positives affecting legitimate model or repository path parameters.

More in Nvidia

View all
CVE-2016-1741 CRITICAL POC
9.8 Mar 24

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c

CVE-2013-0109 HIGH POC
7.2 Apr 08

The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not

CVE-2019-5684 CRITICAL POC
10.0 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2026-24207 CRITICAL POC
9.8 May 20

Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct

CVE-2019-5685 CRITICAL POC
9.8 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2025-23359 HIGH POC
8.3 Feb 12

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co

CVE-2016-8812 HIGH POC
8.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G

CVE-2016-1861 HIGH POC
7.8 Jun 19

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi

CVE-2024-0132 HIGH POC
8.3 Sep 26

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de

CVE-2016-1846 HIGH POC
7.8 May 20

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a

CVE-2015-7865 HIGH POC
7.7 Nov 24

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before

CVE-2016-8811 HIGH POC
7.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3

Share

CVE-2026-24208 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy